Friday, May 12: Morning

The first appearance of the cyberattack was registered in Europe at what would have been 3:24 a.m. Eastern time, according to a report by The Financial Times.

Telefónica, a Spain-based telecommunications company, was among the first major organizations to report being hit by the attack, and institutions in England's health care sector first reported problems by late morning on Friday, according to the FT.

The malware locked computers and blocked access to patient files in England's public hospitals.

NHS Digital, the body of the Department of Health that uses information and technology to support England's health care system, told ABC News it was working closely with the National Cyber Security Center and other agencies to fix the damage.

"We are continuing to work around the clock to support NHS organizations that have reported any issue due to yesterday's cyberattack," NHS Digital said in a statement Saturday.

Chris Camacho, chief strategy officer at the cybersecurity firm Flashpoint, told ABC News that health care companies were particularly ripe for ransomware attacks like this one because patient records are so critical to care.

“There’s nothing you can do but pay once you’re hit,” Camacho said in an interview. “If you need that data back, you’re going to pay.”

By Friday afternoon, 16 National Health Service (NHS) facilities reported that they were affected by the cyberattack.

Friday, May 12: Afternoon

The attack spread to a large swath of different organizations around the world, including the French car company Renault, the Russian cellphone operator MegaFon and U.S.-based FedEx.

A FedEx spokesperson confirmed to ABC News that it was among the victims of the attack.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”

The U.S. Department of Homeland Security said in a statement on Friday that it was "aware of reports of ransomware affecting global entities."

A cybersecurity researcher from the security company Proofpoint discovered an unregistered domain buried in the code of the virus, and shared his findings on social media.

A 22-year-old British researcher identified online as "MalwareTech" saw the findings and activated a "kill switch" for the attack, slowing its spread.

"I was actually panicking because one of my analysts made a mistake and they had said by registering the URL we had started the infection," the unnamed researcher told ABC News. "So, I was panicking looking through the code and I realized that actually no, we had stopped it."

Microsoft also issued a statement, calling the circumstances painful.

"Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful," according to the statement. "Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers."

Saturday, May 13

Experts anticipated that an updated version of the malware could be released, which would increase its spread.

"Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice," Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday.

"I'd even say this update probably already happened," he added.

Microsoft rolled out an additional security update for its customers to further protect Windows platforms.